Date: Wed, 11 May 2005 21:23:45 -0400 From: gnn@freebsd.org To: freebsd-net@freebsd.org Subject: Some notes on FAST_IPSEC... Message-ID: <m2fywtfd9a.wl%gnn@neville-neil.com>
next in thread | raw e-mail | index | archive | help
Hi Folks,
A few of us chatted about FAST_IPSEC at BSDCan today and came up with
the following task list that others might want to take a look at,
comment on, and maybe do some work on:
Tasks to update FAST_IPSec
Add IPv6 support (2-3 weeks)
Fix/update the compression code (< 1 week)
Bringing other things up to date (i.e. NATT and Raccoon)
PF_KEY separation to isolate PF_KEY from IPSec code
SDB APIs are insufficient and need to be able to do things like
bulk operations
In order to test IPSec you need to set up tunnels, of course, but the
most bugs are found by setting up the timers to recycle SAs really
fast.
Those who were there can correct/add to this list but I think this
encapsulates the thinking from today, most of which was courtesy of
Sam Leffler. Time estimates, of course, are subject to the Your
Mileage May Vary and Murphy's principles :-)
Later,
George
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m2fywtfd9a.wl%gnn>